Firefox update plugs 'critical' holes ~ More detail on security update...

CNET ^ | July 27, 2006, 11:30 AM PDT | By Joris EversStaff Writer, CNET News.com

[Ernest_at_the_Beach]

fyi

[Wacka]

IE7- lipstic on a pig.

[Danette]

bumpb for later

[Wacka]

lipstick

[Ernest_at_the_Beach]

From slashdot:

Spyware Disguises Itself as Firefox Extension

***************************************

Juha-Matti Laurio writes "The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. The trojan installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. The most dangerous part of the issue is that it records itself directly into the Firefox configuration data, avoiding the regular installation and confirmation process."

[Ernest_at_the_Beach]

See post #6...another E-Mail approach.

[Ernest_at_the_Beach]

Guess I need to put this link out so it is obvious:

Spyware disguises itself as Firefox extension

***********************************

The antivirus specialists at McAfee have warned of a Trojan that disguises itself as a Firefox extension. It is currently being openly disseminated through spam emails that purport to come from Wal-Mart. If the recipient opens the mail attachment while running a Windows operating system, the Trojan then installs itself as a Firefox extension, presenting itself as a legitimate existing extension called numberedlinks. It then begins intercepting passwords and credit card numbers entered into the browser, which it then sends to an external server. McAfee has dubbed the Trojan "FormSpy," although the company is still currently categorizing its distribution as low.

The file attached to the email consists of an executable Windows program, the AXM downloader. Once launched, it fetches the extension from the Internet and records itself directly into the Firefox configuration data, avoiding the regular installation process. Firefox extensions are normally distributed as XPI files, which ask the user for confirmation after forcing a pause of several seconds.

In a blog entry, Geok Meng Ong from McAfee Avert Labs called on users to take extreme caution when installing unsigned Firefox extensions from untrustworthy sources. This well-intended warning was actually off the mark on several points. One the one hand, only very few websites are authorized to install extensions without seeking additional approval. Furthermore there are at the moment virtually no signed extensions for Firefox or Mozilla. And finally, that mechanism would not have protected against this attack. This is because the user, in opening the file attachment and thereby allowing the foreign program to execute on his computer, automatically provides it with his own usage rights.

An effective protection against this attack is simply never to open file attachments that you have not requested. It is also important not to rely on seemly trustworthy 'From:' address fields, since these are easy to forge. When in doubt, confirm the legitimacy of the email with the purported sender in another way, such as by telephone. Further tips for safe handling of email are provided at heisec Emailcheck.

See also:

• Description of Formspy from McAfee
• Beschreibung zu Downloader-AXM von McAfee
• Spying Gecko Blog entry by McAfee Avert Labs

[Ernest_at_the_Beach]

This might be useful:

heisec Emailcheck

Courtesy of

*********************************************

Email has become the main entry point for viruses and worms. Inboxes are full of infected emails, and new contaminants are popping up every day. While anti-virus programs can reduce the risk, they cannot eliminate it altogether. It is therefore important to change your behaviour and the programs you use to take account of these threats.

Here, you will find everything you need to know to protect yourself from the flood of viruses. The section More info describes the possible risks, such as HTML emails and file attachments. Under Changing settings, we show you how to configure your email program to make it secure. Under Test emails, you can have emails sent to you that will reveal typical weak points without causing any damage.

For comments and suggestions, write to: emailcheck@heisec.co.uk

[Ernest_at_the_Beach]

Go to first link fpr more detail//////

[FreeRadical]

On the subject of browsers: I just downloaded Opera 9. I did so pretty much just for sport. I've been committed to firefox for some time, but I stumbled on a couple of rave reviews for opera and decided to go for it.
A couple of notes:
1) it plays nice. meaning it installs easily and w/o any ham handed "I'll be your browser now attitude."
2) it looks good. the interface is pretty and intuitive
3) it is good for testing and esoteric/geeky web dev activities.
4) it has several neat features: the site by site preferences, the rewind / fast frwd feature, the tab preview balloon, the trash can for closed tabs, etc

My been using it for 45 minutes review is definitely two thumbs up.

[Irishguy]

yep...and did u try the voice part...i just used that...pretty nice idea even if it does sound like a female terminator..

[FreeRadical]

No, I have not tried the voice thingee. I wondered if that might be cool to use for a "books on tape" kind of thing. ie: Find a good ebook (loads free til August 4, 2006) and let this thing read it to you.... seems like a cool idea but if the voice is grating that would be a bummer.

I do plan to keep playing with opera some, but I already miss firefox. How much of that is functionality vs familiarity I'm not sure.... but my hunch is my quickly missing firefox is almost all familiarity/comfort and that functionality is about the same, at least for the "base models". IMHO some of the extensions for firefox are just full on righteous and only getting better. (aardvark, edit css and web developer extensions immediately come to mind)   Opera does have the widgets notion, but a first glance at those was a little underwhelming.

Who knows & who cares -- it's all fun and games when you're a geek like me.

[FreeRadical]

update: Well, I downloaded the speech "extension" for opera.
It does not work with the pdf viewer, so much of my books on tape idea seems blown out of the water.
OTOH, The darn thing will make you laugh. I had it read my last post to me and it had me LOL. (a sure sign it's time for me to log off, if there ever was one.)

[fivekid]

bump

[sneakers]

bump

[Tinian]

Bump

[ShadowAce]

[antiRepublicrat]

Designed, in part, in response to competition from Firefox

Uh, no, designed ONLY in response to competition from Firefox. Microsoft hadn't touched IE in years, except for a few security patches, until Firefox started gaining marketshare and mindshare. Until then their idea of competition was to purposely make MSN render badly for Opera users.

[skinkinthegrass]

firefox....gettin' better and better. :)